2a07aa7c88139777b6c94587268714f448c78edefdae2000d2bd123a6b12afbb

Sharing

Copy URL Twitter E-mail

General

Target

2a07aa7c88139777b6c94587268714f448c78edefdae2000d2bd123a6b12afbb
Size

55KB
MD5

a311803585390f84ec5632a12a5fd60a
SHA1

16b26ff0165492692332eca710adefa9a8963256
SHA256

2a07aa7c88139777b6c94587268714f448c78edefdae2000d2bd123a6b12afbb
SHA512

4df8f38f9ae5621edc5f2a7a59f1ecda812d1300113150b4eb8db7fda47774e6703003221c0f34882f3e1486f522154b4d245112e7aa355e074d34894f21653e
SSDEEP

768:xLLeHRnt8qJLIF9OpQVGLxMnVFg1y8wuS+D08qr9MeJ5y/jso5zMb:xLLe5t7dpXenfg1y8wuPD0dOc5y/Vib

Score

N/A

Malware Config

Signatures

Files

2a07aa7c88139777b6c94587268714f448c78edefdae2000d2bd123a6b12afbb
.exe windows x86

b5e8dc5ac5f300632974484da19cba12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
memset
RtlQueryRegistryValues
KeSetEvent
IofCallDriver
IofCompleteRequest
ObfReferenceObject
KeInitializeEvent
_vsnwprintf
IoWMIWriteEvent
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlCompareMemory
IoWMIRegistrationControl
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
IoFreeIrp
IoBuildDeviceIoControlRequest
PoStartNextPowerIrp
PoSetPowerState
IoCreateArcName
IoDeleteDevice
IoDetachDevice
IoFreeWorkItem
IoReleaseRemoveLockAndWaitEx
ObfDereferenceObject
IoDeleteSymbolicLink
IoUnregisterPlugPlayNotification
IoAllocateIrp
PoCallDriver
IoAllocateWorkItem
IoInitializeRemoveLockEx
KeInitializeMutex
IoAttachDeviceToDeviceStack
IoCreateDevice
IoRegisterPlugPlayNotification
IoCreateSymbolicLink
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoReportTargetDeviceChangeAsynchronous
IoGetAttachedDeviceReference
IoWritePartitionTableEx
IoReadPartitionTableEx
IoCreateDisk
IoSetPartitionInformationEx
KeQueryActiveProcessorCount
KeQueryMaximumProcessorCount
KeQuerySystemTime
_alldiv
IoGetBootDiskInformationLite
RtlCheckRegistryKey
ZwOpenKey
ZwClose
IoOpenDeviceRegistryKey
ZwCreateKey
RtlDeleteElementGenericTableAvl
IoBuildSynchronousFsdRequest
RtlComputeCrc32
RtlFreeUnicodeString
RtlStringFromGUID
ExUuidCreate
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
RtlInsertElementGenericTableFullAvl
RtlLookupElementGenericTableFullAvl
IoReuseIrp
IoGetDeviceObjectPointer
IoFreeMdl
IoBuildPartialMdl
IoAllocateMdl
IoMakeAssociatedIrp
IoQueueWorkItem
KeClearEvent
RtlEqualUnicodeString
KeTickCount
KeBugCheckEx
ExFreePoolWithTag
IoForwardIrpSynchronously
RtlWriteRegistryValue
KeWaitForSingleObject
KeReleaseMutex
RtlInitializeGenericTableAvl
_allmul

hal

KfAcquireSpinLock
KeQueryPerformanceCounter
KfReleaseSpinLock

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5e8dc5ac5f300632974484da19cba12

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 1024B - Virtual size: 572B

.data Size: 512B - Virtual size: 328B

PAGE Size: 19KB - Virtual size: 19KB

INIT Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 1024B - Virtual size: 572B

.data
Size: 512B - Virtual size: 328B

PAGE
Size: 19KB - Virtual size: 19KB

INIT
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB